527698 – [TRACKER] Removal of "selinux? ( sec-policy/selinux-* )" dependency from DEPEND (not RDEPEND!)

Bug 527698 - [TRACKER] Removal of "selinux? ( sec-policy/selinux-* )" dependency from DEPEND (not RDEPEND!)

Summary: [TRACKER] Removal of "selinux? ( sec-policy/selinux-* )" dependency from DEPE...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:
Keywords:	Tracker

Depends on:	527702 527704 527706 527708 527710 527712 527714 527716 527718 527720 527722 527726 527730 527732 527734 527736 527738 527740 527742 527744 527746 527748 527750 527752 527754 527756 527758 527760 527762 527764 527766 527768 527770 527772 527774 527778 527780 527782 527784 527786 527790 527792 527794 527796 527798 527800 527802 527804 527806 527808 527810 527812 527814 527816 527818 527820 527822 527824
Blocks:
	Show dependency tree

Reported:	2014-11-01 08:03 UTC by Sven Vermeulen (RETIRED)
Modified:	2017-01-19 18:48 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2014-11-01 08:03:48 UTC

Short version:

Please remove the USE="selinux" dependency in the DEPEND variable (not RDEPEND) of the package if the dynamic dependency only referred to the sec-policy/selinux-* package(s). Take this into account with your next package bump - if after 6 months there have been no need for other package upgrades, we will be bumping the package(s) ourselves with just this change.


Longer version:

Recent evolutions in the SELinux support inside Gentoo made the need for DEPEND dependencies towards sec-policy/selinux-* packages obsolete. In the past, we needed this to set the file contexts of newly installed packages without risking that their files would not be labeled properly. Recently, we moved some of the logic inside the SELinux eclass so that the policy package dependency can remain on the RDEPEND only.

As this changes the information inside an ebuild that influences the VDB of the package managers, such change requires a package version bump [1]. For the majority of Gentoo users though, this is a change that has no benefit for them (as the "selinux" USE flag is masked and only usable in the SELinux profiles). Revbumping all packages would give a (very) big rebuild with no reason.

For this reason, we ask you to take this change into account for the next package update(s) so that this change can trickle through the Portage tree without influencing end users unnecessarily. We will keep an eye out for packages that don't change much and will perform the change ourselves 6 months after notification. That way, the majority of packages will already be updated (through their regular package updates) and we still have a lifecycle on this SELinux-related change.

This approach was mentioned in August this year on the Gentoo development mailinglist [2], which also provides a bit more information as to why the DEPEND dependency was needed in the first place.

[1] http://www.gossamer-threads.com/lists/gentoo/dev/289827
[2] http://www.gossamer-threads.com/lists/gentoo/dev/291590


Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2014-11-02 07:53:01 UTC

As per the discussion on the gentoo-mailinglist (same thread as mentioned in the description) the change can be made without revbump, so I can go forward with this myself.

Sorry for the noise.

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2014-11-02 14:45:19 UTC

Packages updated.